Montag, 5. November 2012

The onion Router - Tor is a service that helps you to protect your anonymity while using the Internet.

The goal of the Tor project
is to provide a censorship-resistant & safer access to the
Internet. It is the most widely used free & open source
anonymization technique in existence. It also makes it possible to host
services like websites in a secure and anonymous fashion ("hidden
services")

Obviously, TOR needs a large amount of servers. As the TOR network is
not a commercial organisation, it requires voluntary supporters. But this support can be easy achieved with your Raspberry Pi.

How it Works

Tor helps to reduce the risks of both simple and sophisticated traffic
analysis by distributing your transactions over several places on the
Internet, so no single point can link you to your destination. The idea
is similar to using a twisty, hard-to-follow route in order to throw off
somebody who is tailing you — and then periodically erasing your
footprints. Instead of taking a direct route from source to
destination, data packets on the Tor network take a random pathway
through several relays that cover your tracks so no observer at any
single point can tell where the data came from or where it's going.

Tor relays are also referred to as "routers" or "nodes." They receive
traffic on the Tor network and pass it along. Check out the Tor website
for a more detailed explanation of how Tor works.
There are three kinds of relays that you can run in order to help the Tor network: middle relays, exit relays, and bridges.

MIDDLE RELAY
For greater security, all Tor traffic passes through at least three
relays before it reaches its destination. The first two relays are middle relays
which receive traffic and pass it along to another relay. Middle relays
add to the speed and robustness of the Tor network without making the
owner of the relay look like the source of the traffic. Middle relays
advertise their presence to the rest of the Tor network, so that any Tor
user can connect to them. Even if a malicious user employs the Tor
network to do something illegal, the IP address of a middle relay will
not show up as the source of the traffic. That means a middle relay is
generally safe to run in your home, in conjunction with other services,
or on a computer with your personal files. See our legal FAQ on Tor for more info.

EXIT RELAYAn exit relay is the final relay
that Tor traffic passes through before it reaches its destination. Exit
relays advertise their presence to the entire Tor network, so they can
be used by any Tor users. Because Tor traffic exits through these
relays, the IP address of the exit relay is interpreted as the source of
the traffic. If a malicious user employs the Tor network to do
something that might be objectionable or illegal, the exit relay may
take the blame. People who run exit relays should be prepared to deal
with complaints, copyright takedown notices, and the possibility that
their servers may attract the attention of law enforcement agencies. If
you aren't prepared to deal with potential issues like this, you might
want to run a middle relay instead. We recommend that an exit relay
should be operated on a dedicated machine in a hosting facility that is
aware that the server is running an exit node. The Tor Project blog has
these excellent tips for running an exit relay. See our legal FAQ on Tor for more info.

BRIDGEBridges are Tor relays which are not publicly listed as part
of the Tor network. Bridges are essential censorship-circumvention tools
in countries that regularly block the IP addresses of all publicly
listed Tor relays, such as China. A bridge is generally safe to run in
your home, in conjunction with other services, or on a computer with
your personal files.

Setting up a TOR Middle Relay on a Raspberry Pi

It is really easy to set up a Raspberry Pi Tor Relay to help the TOR Project by gifting some of your Bandwidth from your internet connection and CPU-Power of your Raspberry Pi and a little bit of your electricity.

We need:

1x 2-4 GB SD-Card from your old digicam (a 8GB class10 is available for 7€ at amazon)

a Punnet case out Paper for 0$, selfbuilt with Lego ?$, cheapest plastic case on eBay for 8.9$, my case is the Pibow from Pimoroni for 17.95£

SUM: 45-50€ to run a Tor middle relay to boost and strenghten the TOR Project.

I am powering my Pi from my Router USB-Port, which saves me another micro-USB Power Supply Unit. Booting to the GUI (LXDE in Raspbian) is disabled. And the RAM for the GPU is set to a minimum. Maximum RAM for the ARM CPU.

When the installations is done, you have to edit the TOR configuration file.

Configuration FILE torrc

The file is available at location /etc/tor/ .

First make a backup of your torrc configuration file!$ sudo cp /etc/tor/torrc /etc/tor/torrc.backup

Edit the configuration file. $ sudo vi /etc/tor/torrc

You need to edit/change up to ~10 variables.

SocksPort 0## Tor opens a socks proxy on port 9050 by default -- even if you don't## configure one below. Set "SocksPort 0" if you plan to run Tor only## as a relay, and not make any local application connections yourself.
Log notice file /var/log/tor/notices.log

## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
## We advise using "notice" in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
## Send all messages of level 'notice' or higher to /var/log/tor/notices.logRunAsDaemon 1
## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line. This is ignored on Windows;
## see the FAQ entry if you want Tor to run as an NT service.ORPort 9001
## Required: what port to advertise for incoming Tor connections.DirPort 9030# what port to advertise for directory connections
## Uncomment this to mirror directory information for others. Please do
## if you have enough bandwidth.

ExitPolicy reject *:* # no exits allowed
This is necessary to run the TOR Node as a Relay only without the Exit-node functionality.

Nickname rasptorxxx # (you can chose whatever you like)
## A handle for your relay, so people don't have to refer to it by key.RelayBandwidthRate 100 KB # Throttle traffic to 100KB/s (800Kbps)RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
## Define these to limit how much relayed traffic you will allow. Your
## own traffic is still unthrottled. Note that RelayBandwidthRate must
## be at least 20 KB.
## Note that units for these config options are bytes per second, not bits
## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.

ControlPort 9051
## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
This is necessary for the Command Line Gui Tool TOR-ARM

After Changing of the settings you have to restart your Tor Server.

$ sudo /etc/init.d/tor restart

Now check if your Server is up and running. Check your logfile for a Success notice. $ cat /var/log/tor/log

If your installation and configuration was successful there should be a entry with "[notice] Tor has successfully opened a circuit. Looks like client functionality is working." . $ cat /var/log/tor/notices.logLook out for "[notice] Self-testing indicates your DirPort is reachable from the outside. Excellent."

Thanks, you are now volunteering to the TOR-Project. Karma Points are raising!

You should be able to find now your Tor-Relay on a Torstatus List after a few hours.

Installing the ARM - TOR Status Monitor

The anonymizing relay monitor (arm) is a terminal status monitor for Tor, intended for command-line aficionados, ssh connections, and anyone with a tty terminal. This works much like top does for system usage, providing real time statistics for:

It shows several useful informations.

the running tor-version

tor-flags

used ports

nickname if set

fingerprint of your node

uptime of your server

process id of tor

CPU usage of TOR and ARM process

memory usage of TOR process

bandwith and limits

in and outgoing bandwith monitor

events in logfiles

editing configuration

many many more

Installing TOR-ARM

You ned to set the Control Port in your Tor configuration file as described above! The Monitor Program needs this Port to control the tor-process and receive data. $ sudo apt-get install tor-arm

Starting$ sudo arm This starts arm as root, better is to start the Status Monitor with the user the TOR Server is using.[ARM_NOTICE] Arm is currently running with root permissions. This is not a good idea, andwill still work perfectly well if it's run with the same user as Tor (ie, starting with "sudo -udebian-tor arm").Start arm with the TOR user. $ sudo -u debian-tor arm

Samstag, 27. Oktober 2012

Bodhi Linux is a Linux Distribution leveraging the fast, customizable, and beautiful Enlightenment Desktop. Enlightenment coupled with a minimal set of utilities such as a browser, text editor, and package management tools form the solid foundation of Bodhi Linux.

This should also work for other distributions like Raspbian, Occidentalis, etc ... which are available as SD-Card image.

There are also the md5sums and SHA1 checksums available to check your downloaded files, if the download worked correctly.
On any Linux machine there should be the md5sum command available.
For windows user are also programs like winmd5sum available to do this check. If this check was successful, can extract the *.tar.gz file.

For the Linux/*nix Users:
Check your devices directory with$ ls /dev/sd*
Insert your SD-Card to your sd-card slot on your computer.
Then check again your devices directory, the new device (your SD-card) should now be listed as a new entry in this directory. Your first Harddisk is normally /dev/sda, and /dev/sda1, /dev/sda2 for your partitions.
Your SD-Card should be something like /dev/sdb.

We can easily use the old unix tool dd.
The command needs the parameters InputFile and OutputFile and BlockSize.dd if=image.img of=/path/to/drive bs=1M

The easiest and fastest way is too use the raspi-config tool to overclock your Board. There is an overclock section, where you can set the maximum frequency for the CPU.

If your board is supporting the highest Turbo Mode, there is a performance improvement up to 50% compared to the 700Mhz. This is not only the
300Mhz+ CPU Speed, but also the faster RAM+25% and Core+100%.

A good and reliable power supply is suggested when you try overclocking.

The raspi-config tool has 5 overclock presets. It is not guaranteed to work flawless. But it is improving. Try the modest or medium one for some weeks. If there are no problems you can take the next step. I have tested mine, with different Distributions and now it is running in Turbo (=highest) Mode without problems. Temperature in 24/7 mode stays at ~55°C in a Pibow case.
If you choose too high an overclock, your Pi may fail to boot, in which
case holding down the shift key during boot up will disable the
overclock for that boot, allowing you to select a lower level.

The Raspberry Pi enables dynamically overclocking and overvolting when the CPU is busy. !!!without affecting your warranty!!! If theBCM2835 is getting too hot (85°C) it limits the Turbo mode and the Raspberry Pi is running only in the normal mode. This should only happen, in really hot environments.

config.txt or overclocking by hand

The config.txt file is stored on the first partition on the SD-Card. Your Raspi Linux System mounts the first partition to /boot , then config.txt is stored on /boot/config.txt. It is read by the GPU before the ARM Core is started. It is used to set system configuration parameters like, overscan, overclocking, display_modes, additional licenses for MPG-2/VC-1 codecs, ...

Common Used parameters:

arm_freq Frequency of ARM in MHz. Default 700

core_freq Frequency of GPU processor core in MHz. It have an impact on ARM performance since it drives L2 cache. Default 250

initial_turbo Enables turbo mode from boot for the given value in seconds (up to 60) or until cpufreq sets a frequency. Can help with sdcard corruption if overclocked. Default 0

Detailed List is Here for more different Settings like arm_freq_min, core_freq_min or other settings to underclock, higher values or other tweaks.
Be carefull with overriding limits (current and temperature)!!!

Voiding Warranty

You will loose your warranty for your device if you use following settings combined. (force_turbo || current_limit_override || temp_limit>85) && over_voltage>0

Forcing the Turbo Mode together with OverVoltag will set the Sticky Bit.
OR
Disabling the current limit together with overvoltage will set the Sticky Bit.
OR
Increasing the Templimit over 85°C together with overvoltage will set the Sticky Bit.

Sticky Bit

The Sticky Bit is a bit which is only readable in the CPU and gets set when some dangerous settings are combined. If you send your Raspberry Pi back to your seller because it is broken, they can find out if you have used too dangerous overclock settings. Then there will be no refund.

You can check your sticky bit with$ cat /proc/cpuinfo

In the line with revision there should be something like this, which shows which manufacturing revision you are holding in your hand.
Revision : 0002

If the sticky bit is set it looks like this:
Revision : 1000002

Checking Temperature and CPU Speed
If you want to know your CPU speed which is at the moment used, you can find out with following commands:$ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq700000pi@raspberrypi ~ $ cat /sys/class/thermal/thermal_zone0/temp55148

The speed is measured in KHz, and has to be divided by 1000 to get the MHz. The temperature has also to be divided by 1000, to get the temperature in °C, which is in this example 55°C.

To test if the Raspberry Pi is using the CPU_driver when needed open a second SSH shell and type in the first something which needs really much CPU power, like:$ sudo apt-get update

In the other window check your speed a ten times.pi@raspberrypi ~ $ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq1000000
It should sometimes show the overclocked speed when needed. Only if there is Load on the CPU.

Sonntag, 21. Oktober 2012

If you don't know your IP address, you can either use the hostname. The ipscanner from my former post should help you finding out the IP address from your Raspberry Pi. # ssh pi@yourIPaddresspi@raspberrypi.lan's password: pi@raspberrypi ~ $ cd /etc/networkpi@raspberrypi /etc/network $ sudo vi interfaces

Lines starting with `#' are ignored. Note that end-of-line comments are NOT supported, comments must be on a line of their own.Then make a reboot:pi@raspberrypi ~ $ sudo reboot

Your Pi should reboot now with the new ip address.There is a good manual available for the interface.pi@raspberrypi ~ $ man interfacesThe static Method This method may be used to define Ethernet interfaces with statically allocated IPv4 addresses.

Arch

Arch Linux ARM is based on Arch Linux, which aims for simplicity and full control to the end user. Note that this distribution may not be suitable for beginners. The latest version of this image uses the hard-float ABI, and boots to a command prompt in around ten seconds.

HTPC

The Raspberry Pi can also be used as a Home Theater PC. The XBMC developers were provided with early Alpha Boards to port XBMC to the Raspberry Pi Board and support the Videocore IV GPU.

RaspBMC - Raspbmc is a minimal Linux distribution based on Debian that brings XBMC to your Raspberry Pi.

Installation with a Linux/Unix PC

Download and check the MD5SUM/SHA256SUM from the image after downloading.

put the SD-Card into your computer

check your actually mounted partitions with "ls /dev/sd*"

run the command "dmesg | tail" to see on witch path your sd-card is available.

now there should be the new device available. check it with "ls /dev/sd*"

One thing worth noting though is that /path/to/drive should not include any partition number. An example path would be something like: /dev/sdb

sudo dd if=image.img of=/path/to/drive bs=1M DD is a tool which reads data from if(Input File) and writes it to of(Output File). Please take care to not mix up the if & of parameters!!!

Repartitioning

After writing the image file onto the SD-Card there are two partitions on it. The first partiton /dev/sdb1 is a ~65MB FAT32 partition with the bootloader and ELF and config.txt files, etc ... . The second partition is mostly a ext partition with the root filesystem. But this partition is not as big as the SD-Card size. In Raspbian there is the Raspi-config tool, which offers a possibility to resize and grow the partition to use the whole SD-Card.

There are several partitioning tools available. But i mostly use the Program Gparted.
For this tool are 2 specialised LIVE Distros available.

Unbrick wr703n wifi router

It worked form me perfectly with a CP210x USB TTL serial bridge, little soldering problems, and some initial tinkerings with the TFTP server.

It is copied because i don't want to loose this important information if the blog goes maybe offline.

----------------- QUOTE BEGIN -----------------

Hello,
if like myself you push the thing a little too far, you should find this usefull

If nothing is responding anymore on your router :

locate the GND, TX and RX on the board :

solder some wire on it, this is very difficult, because it is really
small and the solder doesn't stick well on it. Once it is done, glue
everything and let some easy access wire, that could be usefull after.

power on the wr703n and quiclky send "tpl" followed by enter to the
terminal, this will make the wr703n enter in rescue U-boot hornet.

install a small tftp server on your computer (ex: http://tftpd32.jounin.net/) and plug an ethernet cable between your computer and the wr703n.
Configure the IP adress of your computer to 192.168.1.100 and put the file
openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin
on the tftp server.

Dienstag, 24. Januar 2012

IPKG Installation Procedure

Preparation

Note:In newer firmware, the Freecom firmware has included IPKG out of the box, so you don't need to install it anymore. Jump to Installing Packages
You do not need to do this if you run a more recent firmware. For Firmware 4.2.7 and 4.3.8, Jump to IPKG with 4.2.7-4.3.8

Hence, starting with Firmware 4.2.7 and 4.3.8, you may skip the
Preparation and Installation steps described before and immediately
start with Installing Packages.

Recommended reinstall of IPKG-Bootstrap

Because of some bugs in old bootstrap and some mistakes from Freecom installing of the bootstrap is recommended. During this all installed packages and manual configs on optware are gone! It is pretty easy:

download current bootstrap and copy it to FSG (if ipkg works type: wget <bootstrap-link>)

unmount old optware:

umount /opt

remove optware:

rm -rf /home/.optware
rm -rf /usr/lib/ipkg

reboot

run bootstrap:

sh <path to bootstrap file>

Note that now the bugs like 'update-alternatives' and missing 'sort'
are gone. Also all optware boot-script works. So you don't need to write
own scripts to run apache2, openssh and so on.

so i tried to boot the FSG-3 with RESET/EMERGENCY Button pressed, then it takes a few seconds
and it starts up with network settings

I used the load command

and booted the recovery linux wich recovers the fsg. but there appeared some problems because of the

bad flash images

so i found the

http://ecos.sourceware.org/docs-latest/redboot/redboot-guide.html

and the fis commands

http://ecos.sourceware.org/docs-latest/redboot/fis-init-command.html

This command is used to initialize the Flash Image System
(FIS). It should normally only be executed once, when RedBoot
is first installed on the hardware. If the reserved images or
their sizes in the FIS change, due to a different configuration
of RedBoot being used, it may be necessary to issue the command
again though.

so i initialized the fis with this command and started again the fsg with emergency button and loaded the recovery image and repaired my fsg-3

Now it is booting with the Freecom Firmware 4.2.7

:)

so i'm not afraid to change something in the flash layout, add partition for microcode and openWRT purposes.